The Computer Security Policy Model the Orange Book is based on is which of the following?

A. Bell-LaPadula
B. Data Encryption Standard
C. Kerberos
D. Tempest

Answer: A

Explanation: The Computer Security Policy Model the Orange Book is based on is the Bell-LaPadula Model. Orange Book Glossary. The Data Encryption Standard (DES)...

December 28, 2018

What mechanism does a system use to compare the security labels of a subject and an object?

A. Validation Module.
B. Reference Monitor.
C. Clearance Check.
D. Security Module.

Answer: B

Explanation: Because the Reference Monitor is responsible for access control to the objects by the subjects, it compares the security...

December 28, 2018

What is the difference between Advisory and Regulatory security policies?

A. There is no difference between them.
B. Regulatory policies are high-level policy, while advisory policies are very detailed.
C. Advisory policies are not mandated. Regulatory policies must be implemented.
D. Advisory policies are mandated while Regulatory policies are...

December 27, 2018

Which of the following questions is less likely to help in assessing physical access controls?

A. Does management regularly review the list of persons with physical access to sensitive facilities?
B. Is the operating system configured to prevent circumvention of the security software and application controls?
C. Are keys or...

December 26, 2018

Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors?

A. Unit testing
B. Pilot testing
C. Regression testing
D. Parallel testing

Answer: C

Explanation: Regression testing is...

December 25, 2018

What are the three FUNDAMENTAL principles of security?

A. Accountability, confidentiality and integrity
B. Confidentiality, integrity and availability
C. Integrity, availability and accountability
D. Availability, accountability and confidentiality

Answer: B

Explanation: The following answers are incorrect because: Accountability, confidentiality and integrity is not the correct answer as Accountability is not one...

December 25, 2018

Which of the following is implemented through scripts or smart agents that replay the user's multiple log-ins against authentication servers to verify a user's identity, which permits access to system services?

A. Single Sign-On
B. Dynamic Sign-On
C. Smart cards
D. Kerberos

Answer: A

Explanation: SSO can be implemented by using...

December 25, 2018

Which of the following is NOT true of the Kerberos protocol?

A. Only a single login is required per session.
B. The initial authentication steps are done using public key algorithm.
C. The KDC is aware of all systems in the network and is trusted by all of them
D. ...

December 25, 2018

Buffer overflow and boundary condition errors are subsets of which of the following?

A. Race condition errors.
B. Access validation errors.
C. Exceptional condition handling errors.
D. Input validation errors.

Answer: D

Explanation: In an input validation error, the input received by a system is not properly checked, resulting in...

December 24, 2018

Which of the following is most appropriate to notify an external user that session monitoring is being conducted?

A. Logon Banners
B. Wall poster
C. Employee Handbook
D. Written agreement

Answer: A

Explanation: Banners at the log-on time should be used to notify external users of any monitoring that is being...

December 23, 2018